Are you passionate about security and access governance, monitoring and risk management? Buy with Prime and Multi-Channel Fulfillment (MCF) are looking for a highly motivated and experienced Security Governance Specialist ready to partner across Amazon tech and security groups to secure and protect our services and data. This security specialist will drive programs focused on providing multiple cross-cutting capabilities such as Access governance, Access policy management, security monitoring and detections, risk management, and continuous monitoring. You will act as a key member of the team responsible for Security Operations including Access Governance, security design, and exception activities, including automation. Candidates must have experience designing access control solution, access governance and risk management experience, including performing control self-assessments and managing external audits, designing controls, and prioritizing risk.

We operate in a hyper-growth environment where priorities shift quickly, so a passion and discipline around security and delivery is critical. You will tackle challenging situations every day and, given the size of this initiative, you will collaborate with various levels across Buy with Prime, MCF and Amazon. We are seeking a security specialist, who is comfortable working in a fast-paced, ever-changing environment and willing to dive deep into assessments and analytical rigor. Our team is growing, and we need security specialists who don't work reactively, but can operate independently, anticipate potential security challenges, and proactively monitor and improve the mechanisms we use to detect and correct potential non-compliance. The ability to partner with Service Teams and develop automated mechanisms and responses to potential instances of non-compliance will be key to scale the security program in key areas of Access Management, Risk Management, and Continuous Monitoring.


Key job responsibilities
* Design, implement and manage access control governance process and access control policies
*Analyze business, product and security data, uncover evolving threats, identify weaknesses and opportunities in risk defense
* Apply a working knowledge of information security and privacy regulation and policy to articulate customer and control impact and drive alignment to controls.
* Quantify risk control effects and trends, collaborate with engineering, operational and product teams, contribute to risk measurement, mitigation and prevention.
* Build detection rules to recognize, prevent and mitigate access violations.
* Establish regular reporting mechanisms for measuring compliance and performance;
* Develops metrics that demonstrate the current risk state, indicators of progress, and business alignment
* Support Continuous Monitoring initiatives to drive enforcement, oversight and improvement of security controls implementation through automation
* Partner with tech and security teams and to review and challenge identified risks, remediation plans, progress and status, and drive action as needed
* Monitor and oversee performance against Key Risk Indicators, including “Path to Green” plans
* Drive the successful achievement of business goals, including timely identification, escalation and remediation of risks and issues that impact program execution and delivery

About the team
Mentorship & Career Growth

Our team is dedicated to supporting new members. We have a broad mix of experience levels and tenures, and we’re building an environment that celebrates knowledge sharing and mentorship.

Work/Life Balance

Our team puts high value on work-life balance. Striking a healthy balance between your personal and professional life is crucial to your happiness and success here, which is why we aren’t focused on how many hours you spend at work or online. Instead, we’re happy to offer a flexible schedule so you can have a more productive and well-balanced life—both in and outside of work.